mcp-servers/mcp-gateway/LINKEDIN_TOKEN_GENERATION.md

# LinkedIn Access Token Generation Guide

## Current Status

Your LinkedIn app credentials are ready:
- ✅ **Client ID**: `782ff5x832tfn4`
- ✅ **Client Secret**: `WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ==`

However, LinkedIn requires specific API access permissions before you can generate tokens. Here's how to set that up:

---

## Step 1: Request API Access

LinkedIn requires you to request access to specific APIs for your app.

### Go to Your App Settings

1. Visit: https://www.linkedin.com/developers/apps
2. Click on your app
3. Go to the **Settings** tab

### Request Product Access

In the Settings page, find the **Products** section and request access to:

- **Sign In with LinkedIn** (for authentication)
- **Marketing Developer Platform** (if sharing content)
- **LinkedIn Jobs Search API** (optional, for job search features)

**Important:** For MCP usage, you primarily need one of these. Start with "Sign In with LinkedIn" which is the most commonly approved.

---

## Step 2: Once Access is Approved

LinkedIn will review your request (usually 5-10 minutes to 24 hours). Once approved:

### Option A: Generate Personal Access Token (Recommended for MCP)

If you're using this for personal/development purposes:

1. Go to your app → **Settings** tab
2. Scroll down to **Personal access tokens** section
3. Click **Generate token**
4. Choose scopes (at minimum: `r_liteprofile` and `r_emailaddress`)
5. Copy the token immediately (it won't be shown again)

This token is what goes in your `.env` file:
```env
LINKEDIN_ACCESS_TOKEN=your_personal_token_here
```

### Option B: OAuth2 Authorization Code Flow (For user login)

If you want to authenticate via LinkedIn login:

1. Direct user to:
```
https://www.linkedin.com/oauth/v2/authorization?
  response_type=code
  &client_id=782ff5x832tfn4
  &redirect_uri=http://10.0.0.25:4444/callback
  &scope=r_liteprofile%20r_emailaddress
  &state=random_string_here
```

2. User approves access
3. LinkedIn redirects to your callback URL with an authorization code
4. Exchange the code for an access token:

```bash
curl -X POST https://www.linkedin.com/oauth/v2/accessToken \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "grant_type=authorization_code" \
  -d "code=AUTHORIZATION_CODE_FROM_REDIRECT" \
  -d "redirect_uri=http://10.0.0.25:4444/callback" \
  -d "client_id=782ff5x832tfn4" \
  -d "client_secret=WPL_AP1.Mwyqzyoyi6LguP4J.nP49EQ=="
```

Response will contain:
```json
{
  "access_token": "your_access_token_here",
  "expires_in": 5184000,
  "token_type": "Bearer"
}
```

---

## Step 3: Add to .env File

Once you have your access token (either from personal token generation or OAuth flow):

```bash
nano /sessions/vigilant-elegant-ramanujan/mnt/MCP\ Servers/mcp-gateway/.env
```

Add or update:
```env
# LinkedIn MCP Server
LINKEDIN_ACCESS_TOKEN=your_access_token_here
LINKEDIN_API_KEY=optional_if_enterprise_access
```

---

## Understanding Token Types

### Personal Access Token
- **Use case**: Development, testing, personal use
- **Scope**: Limited to your account
- **Duration**: Varies (usually 1-12 months)
- **Approval**: Often faster
- **Best for**: MCP gateway running on personal machine

### OAuth2 Bearer Token
- **Use case**: User delegation, multi-user scenarios
- **Scope**: Limited to approved scopes
- **Duration**: Shorter (usually 60 days)
- **Approval**: Required for each user
- **Best for**: Customer-facing applications

---

## Troubleshooting

### "Access Denied" or "Product Access Not Granted"

**Solution**: Your app needs to request API access in the Products section.

1. Go to https://www.linkedin.com/developers/apps
2. Select your app
3. Go to **Products** or **Authorized products**
4. Click **Request access** for desired APIs
5. Fill in the form about your use case
6. Submit and wait for approval

### "Invalid Scope"

**Solution**: You're requesting scopes your app doesn't have access to.

Start with basic scopes:
- `r_liteprofile` - Basic profile data
- `r_emailaddress` - Email address
- `r_basicprofile` - Basic profile (some APIs)

Don't request enterprise scopes until your app is approved for them.

### Token Expired

**Solution**: Generate a new token.

LinkedIn tokens expire periodically. Before expiration:
1. Generate a new personal token, or
2. Refresh the OAuth token using refresh_token (if available)
3. Update .env with new token
4. Restart gateway container

### "Unauthorized" When Using Token

**Solution**: Verify the token is correct.

```bash
# Test your token
curl -X GET https://api.linkedin.com/v2/me \
  -H "Authorization: Bearer YOUR_TOKEN_HERE"

# Should return your LinkedIn profile, not an error
```

---

## Estimated Timeline

| Step | Duration | Notes |
|------|----------|-------|
| Request API Access | 5 min | Immediate submission |
| LinkedIn Review | 5 min - 24 hours | Usually fast for personal tokens |
| Generate Token | 1 min | Immediate once approved |
| Update .env | 1 min | Simple edit |
| Test Token | 1 min | Curl request to verify |
| Deploy Changes | 5 min | Docker rebuild |

**Total**: Usually 10-30 minutes

---

## Next Steps

1. ✅ Go to your LinkedIn app settings
2. ✅ Request access to required APIs
3. ✅ Wait for approval (typically 5-60 minutes)
4. ✅ Generate personal access token
5. ✅ Add token to .env file
6. ✅ Rebuild and restart gateway:
   ```bash
   cd /path/to/mcp-gateway
   docker-compose down
   docker-compose build
   docker-compose up -d
   ```
7. ✅ Verify LinkedIn service is healthy:
   ```bash
   curl http://10.0.0.25:4444/dashboard/status | jq '.services[] | select(.name=="LinkedIn")'
   ```

---

## Quick Reference

**Your LinkedIn App:**
- App ID: `782ff5x832tfn4`
- Settings: https://www.linkedin.com/developers/apps
- Test endpoint: `https://api.linkedin.com/v2/me`
- MCP Gateway callback: `http://10.0.0.25:4444/callback`

**Environment Variable:**
```env
LINKEDIN_ACCESS_TOKEN=<paste_your_token_here>
```

---

## LinkedIn API Documentation

- **Official Docs**: https://docs.microsoft.com/en-us/linkedin/
- **OAuth2 Guide**: https://docs.microsoft.com/en-us/linkedin/shared/authentication/authentication
- **Jobs API**: https://docs.microsoft.com/en-us/linkedin/jobs/jobs-api/
- **Marketing API**: https://docs.microsoft.com/en-us/linkedin/marketing/marketing-api/

Get your token and we'll complete the setup! 🚀